Class OAuth2AuthenticationEntryPoint
java.lang.Object
org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
com.broadleafcommerce.auth.user.session.OAuth2AuthenticationEntryPoint
- All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean
,org.springframework.security.web.AuthenticationEntryPoint
public class OAuth2AuthenticationEntryPoint
extends org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
Provides a behavior consistent with
http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest. Specifically, inclusion of the
prompt=none
parameter. This implementation will detect the inclusion of the prompt
request param, and if detected to be none, will return an error response consistent with OIDC,
rather than redirect to the login page. This allows for silent authentication flows that are
suitable for SPA use cases.- Author:
- Jeff Fischer
-
Constructor Summary
ConstructorDescriptionOAuth2AuthenticationEntryPoint
(String loginFormUrl, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver, boolean useRedirectUriHost) TheuseRedirectUriHost
flag has been deprecated as the ForwardedHeaderFilter should be used in all circumstances to correctly determine the redirect URI. -
Method Summary
Modifier and TypeMethodDescriptionvoid
commence
(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException) protected String
determineUrlToUseForThisRequest
(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception) org.springframework.security.oauth2.provider.ClientDetailsService
org.springframework.security.oauth2.provider.endpoint.RedirectResolver
org.springframework.security.web.RedirectStrategy
boolean
void
setClientDetailsService
(org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService) void
setRedirectResolver
(org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver) void
setRedirectStrategy
(org.springframework.security.web.RedirectStrategy redirectStrategy) void
setUseRedirectUriHost
(boolean useRedirectUriHost) Methods inherited from class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
afterPropertiesSet, buildHttpsRedirectUrlForRequest, buildRedirectUrlToLoginPage, getLoginFormUrl, getPortMapper, getPortResolver, isForceHttps, isUseForward, setForceHttps, setPortMapper, setPortResolver, setUseForward
-
Constructor Details
-
OAuth2AuthenticationEntryPoint
public OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver, @Deprecated boolean useRedirectUriHost) TheuseRedirectUriHost
flag has been deprecated as the ForwardedHeaderFilter should be used in all circumstances to correctly determine the redirect URI. When it is used, the requests will automatically be redirected to the forwarded host/path.
-
-
Method Details
-
commence
public void commence(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException) throws IOException, javax.servlet.ServletException - Specified by:
commence
in interfaceorg.springframework.security.web.AuthenticationEntryPoint
- Overrides:
commence
in classorg.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- Throws:
IOException
javax.servlet.ServletException
-
determineUrlToUseForThisRequest
protected String determineUrlToUseForThisRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception) - Overrides:
determineUrlToUseForThisRequest
in classorg.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
getRedirectResolver
public org.springframework.security.oauth2.provider.endpoint.RedirectResolver getRedirectResolver() -
getClientDetailsService
public org.springframework.security.oauth2.provider.ClientDetailsService getClientDetailsService() -
getRedirectStrategy
public org.springframework.security.web.RedirectStrategy getRedirectStrategy() -
isUseRedirectUriHost
public boolean isUseRedirectUriHost() -
setRedirectResolver
public void setRedirectResolver(org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver) -
setClientDetailsService
public void setClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService) -
setRedirectStrategy
public void setRedirectStrategy(org.springframework.security.web.RedirectStrategy redirectStrategy) -
setUseRedirectUriHost
public void setUseRedirectUriHost(boolean useRedirectUriHost)
-